Free Preparation Discussions
MENU
IAPP AIGP Exam - Topic 2 Question 46 Discussion
Topic #: 2
A company is creating a mobile app to enable individuals to upload images and videos, and analyze this data using ML to provide lifestyle improvement recommendations. The signup form has the following data fields:
1.First name
2.Last name
3.Mobile number
4.Email ID
5.New password
6.Date of birth
7.Gender
In addition, the app obtains a device's IP address and location information while in use.
What GDPR privacy principles does this violate?
The GDPR privacy principles that this scenario violates are Purpose Limitation and Data Minimization. Purpose Limitation requires that personal data be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Data Minimization mandates that personal data collected should be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed. In this case, collecting extensive personal information (e.g., IP address, location, gender) and potentially using it beyond the necessary scope for the app's functionality could violate these principles by collecting more data than needed and possibly using it for purposes not originally intended.
Currently there are no comments in this discussion, be the first to comment!